Wednesday, January 19, 2011

How to recover from forgotten root password in esxi

What follows is a procedure to recover from a forgotten root password in ESXI

20 steps to recovery // Non-supported procedure

Note: This was done with a physical server (not nested esxi) & an Ubuntu cd

01. Power off your esxi server. This will obviously not be a clean shutdown.
02. Insert a linux live cd and boot from it (ubuntu linux was used in this case)
03. Once running from the live cd, open up a terminal
04. Type sudo mount /dev/sda5 /mnt (sda was the boot disk in this case)
05. Type ls /mnt and verify that this partition has the state.tgz file
06. Type sudo cp /mnt/state.tgz /tmp
07. Type cd /tmp to change directories to /tmp
08. Type sudo gzip -d state.tgz
09. Type sudo tar xvf state.tar
10. Type sudo gzip -d local.tgz
11. Type sudo tar xvf local.tar
12. Type cd etc to access the directory that contains the shadow file
13. Type sudo vi shadow to edit the file and use the "x" letter to remove the password
14. Type cd /tmp to go back to the /tmp directory
15. Type sudo tar czvf local.tgz etc to recreate the local.tgz file
16. Type sudo tar czvf state.tgz local.tgz to recreate the state.tgz file
17. Type sudo cp state.tgz /mnt to put the file back into its original location
18. Type sudo reboot to reboot the esxi host. Remove the live cd
19. Log into the esxi server
20. Change the root password by typing passwd. This will update the /etc/shadow file.

Note: The shadow file should be edited carefully. Make sure that you remove
only the password and nothing else. The password resides in the second
field of the first line. By the time you are done, the line should say root::
(nothing between the two ":", don't erase the ":"s. The rest of the line will
have a series of numbers. Leave them alone.